kdesu default super-user-command

Thomas Friedrichsmeier thomas.friedrichsmeier at ruhr-uni-bochum.de
Thu Nov 22 21:14:06 GMT 2007


On Thursday 22 November 2007, Oswald Buddenhagen wrote:
> On Thu, Nov 22, 2007 at 07:45:47PM +0100, Thomas Friedrichsmeier wrote:
> > Yeah, except the "real" command is written to kdesu_stub's stdin, not
> > passed as a command-line option. I don't think sudo can handle *that*.
>
> oops. that should be reconsidered. wanna take a look?

Hm, I did take a short look, but not sure I really want to see this through. 
Simply making the command to run a command-line option should be easy enough, 
but would not be the end of the story.

kdesu_stub also asks for - among other things, which should be less 
problematic(*) - a path, and in fact allows for a complete environment to be 
specified via stdin. I suppose if that were to be allowed, then sudo 
restrictions are effectively meaningless once again. So could we get rid of 
that?

kdesu (the app) uses this to carry over kapp->startupId(), KDEHOME, and the 
real user name. I suppose these could be turned into single options in 
kdesu_stub to effectively restrict misuse.

The path is generally copied verbatim from the environment. No idea what could 
be done about this.

Next problem is that SshProcess also uses kdesu_stub. I suppose in this case 
the option to set a bunch of environment variables freely can be rather 
useful. So for this context the possibility to pass an environment via stdin 
should probably be preserved. Which starts to smell like having to create an 
entirely separate stub for SshProcess...

I guess I'm starting to understand why the Ubuntu people have chosen to create 
kdesudo as a kdesu drop-in-replacement (which unfortunately is not really 
compatible, yet, and breaks several apps). Trying to *really* support both su 
and sudo seems to be not entirely trivial using the current libkdesu.

Regards
Thomas

---------------

(*) Then there's also an xauth cookie. I don't pretend to understand the 
security implications of this.
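
The restriction discussed in the message above (a few fixed values instead of a free-form environment, and a PATH that is not copied from the caller), sketched as an added example. This is not kdesu_stub code: the variable names in the allowlist, the fixed PATH value and the sample input are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist for startup id, KDEHOME and real user name (names assumed). */
static const char *const ALLOWED[] = {"DESKTOP_STARTUP_ID", "KDEHOME", "KDESU_USER", NULL};
/* PATH is chosen by the privileged helper, never taken from the caller (value assumed). */
#define SAFE_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"

/* Constructed sample of what an unprivileged caller might send as NAME=VALUE entries. */
static const char *const SAMPLE[] = {
    "KDEHOME=/home/alice/.kde", "LD_PRELOAD=/tmp/x.so", "PATH=/tmp/bin:/usr/bin",
    "DESKTOP_STARTUP_ID=host;1;2;3", "KDEHOME=/tmp/other", "KDESU_USER=ali\nce", NULL};

static int name_allowed(const char *s, size_t n) {
    for (int i = 0; ALLOWED[i]; i++)
        if (strlen(ALLOWED[i]) == n && memcmp(ALLOWED[i], s, n) == 0) return 1;
    return 0;
}

/* Accept printable ASCII only, so control characters and newlines are rejected. */
static int value_ok(const char *v) {
    for (; *v; v++) if (!isprint((unsigned char)*v)) return 0;
    return 1;
}

/* Copy allowlisted entries of `in` into `out` (capacity `cap`, NULL-terminated).
   The first occurrence of a name wins. Returns the entry count, fixed PATH included. */
int filter_env(const char *const *in, const char **out, int cap) {
    int n = 0;
    if (cap < 2) { if (cap == 1) out[0] = NULL; return 0; }
    out[n++] = SAFE_PATH;
    for (; *in && n < cap - 1; in++) {
        const char *eq = strchr(*in, '=');
        if (!eq || eq == *in) continue;               /* no '=' or empty name */
        size_t len = (size_t)(eq - *in);
        if (!name_allowed(*in, len) || !value_ok(eq + 1)) continue;
        int dup = 0;                                  /* compare "NAME=" prefixes */
        for (int i = 0; i < n; i++) if (strncmp(out[i], *in, len + 1) == 0) dup = 1;
        if (!dup) out[n++] = *in;
    }
    out[n] = NULL;
    return n;
}

int main(void) {
    const char *env[8];
    for (int i = 0, n = filter_env(SAMPLE, env, 8); i < n; i++) puts(env[i]);
    return 0;
}
```
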
More information about the kde-core-devel mailing list